The present disclosure relates generally to managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliant uses of remote devices to access an enterprise system.
With the proliferation of devices including mobile devices, many enterprises are adopting a “bring your own device” (BYOD) policy. BYOD enables users to bring their own devices to connect to an enterprise's system to access resources (e.g., applications or data) provided by the enterprise. A BYOD policy may permit users to continue use of their own devices for personal use. Managing different uses (e.g., personal use and corporate use) of user-owned devices in an enterprise system becomes a paramount concern for an enterprise. Permitting user-owned devices to access an enterprise system can present new security risks. Once access to an enterprise system is obtained by a user-owned device, the enterprise system may be exposed to security risks from non-compliant devices and non-compliant use of devices. Enterprise systems may be challenged to find ways to separate personal data from enterprise data on user-owned devices. User-owned devices may contain personal information and have special privacy considerations. Many user-owned devices may lack enterprise security controls to enable integration of those devices into an enterprise system. Security becomes an even greater concern when user-owned devices are compromised (e.g., hacked, stolen, or lost). Enterprises are searching for new and improved ways to integrate user-owned devices with the enterprise identity governance and access control infrastructure for security and compliance reasons.
To facilitate management of user-owned devices and corporate devices that access an enterprise system, some enterprises may implement a mobile device management (MDM) system and/or a mobile application management (MAM) system. Such systems may facilitate management and control of access to an enterprise system to ensure an enterprise system and its resources are secured. Management and control of access to an enterprise system may include communicating information about compliance and resources, and actions that must be taken for maintaining access to the enterprise system.
An enterprise that has thousands of users (e.g., employees, contractors, and customers) may be faced with the task of managing access and compliance for thousands of devices that access the enterprise. Users may operate different devices for different roles for accessing an enterprise system. Many users may be burdened with managing compliance for an enterprise system, which oftentimes may be complex. An enterprise system may have many different compliance rules, which can vary based on a variety of factors including user roles and device types. In some instances, the compliance rules may conflict when a user is associated with multiple roles, such that the user is unable to clearly determine the applicable compliance policies. Users who operate multiple devices may be unable to keep track of compliance on each of their devices. Enterprises may have difficulty getting users to comply with compliance policies. To further complicate matters, users may operate devices differently with respect to personal use, such that enterprises are challenged to find ways to ensure that each device associated with a user is compliant.
As a result of the complexities of managing compliance on devices that access an enterprise system, enterprises are unable to routinely manage compliance on devices. To ensure that access to an enterprise system is not compromised, an enterprise may completely restrict access to an enterprise system regardless of the severity of the non-compliance and the user's role. Some devices may need to be manually inspected for compliance and remediation. Devices may not be equipped to automatically implement remediation for compliance related to accessing an enterprise system. Enterprises are searching for ways to manage compliance and remediation of devices that access an enterprise system.